Cyber-security has increasingly become a topic of global concern. Especially after being attacked by a large-scale DDoS, the global public security network almost paralysed. Dahua insists on creating safety value, and trying to call attentions to establish a global new network security ecosystem, protecting network security for end users, installers and device manufacturers.
Security policies for IoT protection
It is not an exaggeration to say that the world is in deep crisis caused by “Network Security Gate”. Especially, in 2016, an American website for online jewellery sales was attacked by hackers. The website was working at its usual rate of 3500 times per second in the HTTP request (garbage request). Following analysis of the original data package by a security researcher, it was found that these HTTP requests were all from IP cameras. A DDoS attack launched by a botnet consisting of 25000 cameras was the biggest CCTV (closed-circuit television camera) botnet. Last October, America suffered the largest DDoS attack, leading to website crashes along the entire east coast of the country. Within 24 hours, the pages were not visible. Ultimately, this was found that caused by a botnet, which was made up of cameras and other intelligence devices.
A couple of network security events occurred last year had brought challenges to the IoT, network security. Governments all around the world have issued laws and guidelines to achieve IoT protection. It shows that IoT network security incidents are closely related to video surveillance systems, and most IoT devices problems are caused by the cyber security video surveillance issues. Therefore, in the foreseeable future, foreign hackers will make full use of video surveillance system to initiate DDos attacks.
Global security industry development
2010 was a watershed year for development of the global security industry. When monitoring devices are used independently, there aren’t any security laws. However, video surveillance is now becoming a core part of the IoT system. Video surveillance equipment not only started to make progress on high definition, but also experienced the reform of from conventional analogy monitoring to network monitoring.
With IP cameras, NVR and IP storage server listing, video surveillance has been witnessed rapidly advanced networking |
With IP cameras, NVR and IP storage server listing, video surveillance has been witnessed rapidly advanced networking. In the technical architecture of IoT and big data, cyber video surveillance has reached a new stage. However, it faces many problems:
- Potential vulnerability to hackers
Firstly, video surveillance products have become increasingly necessary in many fields. Driven by security concerns and cost improvements, standard equipment can be found in most retail stores and offices. Video surveillance equipment connected with infiltrating broadband and mobile Internet, lowering the cost of bandwidth and data usage. Remote monitoring and alarming systems are now common used with a mobile APP that comes from video devices. However, that has resulted in many video devices becoming exposed to potential hackers online.
- Cyber security regulations
Secondly, cyber security lacks comprehensive regulations regarding the building of projects. In global security projects, referring to the standard controls, design, construction or acceptance, cyber security is ignored with a lack of regulation. To this extend, there is a lot of work in the field of cyber security to develop the security industry.
- Security awareness
Thirdly, users often lack security awareness. Many IP camera users just set simple passwords, such as 1234 admin and so on, while some of them even use a null password or a default password. Thus, hackers easily take control of the system and make a further use of it.
- Security device interoperability
Finally, many network monitoring devices manufacturers have exported a large volume of products to other countries. In order to save costs, some of the manufacturers use generic and open source firmware, or adopt OEM products without any security reinforcement. As a result, devices with different brands are set up with default passwords and share the same flaws. Once the vulnerabilities have been exposed, it is hard to upgrade and fix them. Meanwhile, manufacturer has faced the similar problems in terms of technology.
Network security ecosystem
Since a large scale of DDoS attacks that caused interruption to public Internet service in 2016, IoT device cyber security is growingly caught attention. Video devices are a big proportion of the demanding. How to prevent data and information from being stolen, protect the video surveillance against sabotaging, and prevent attacks from botnet are serious problems to be solved urgently. It’s not difficult to see that every link in the network security is weak, so establishing a new ecosystem for network security is crucial in order to resist attacks.
In the construction of projects, installer plays an important role of a bridge and link between end users and manufacturer |
Defence mechanisms against hackers
Globally, whether at home or for commercial application, all network monitoring devices exposed to the Internet will be at risk of hacker attacks. Therefore, users have two methods of defence: one strategy is to be invisible to auto attack tools. Connect IP cameras to the embedded PoE port of NVR (usually these ports were isolated from outside network), change ports in both the NVR and the mobile app. Another strategy is to follow all the simple steps to enhance immunity, no network knowledge required: default password, weak password, create user account (no admin privilege) for use on mobile app and remote viewing, check & upgrade to the latest firmware, do not let outsiders see your video equipment brand & model. Customer can use a compound of letters, special symbols, numbers, in order to enhance the security levels. When you type passwords, you should be careful as you type your bank account password to avoiding other people seeing. You can also choose a safer account. Regularly check whether devices exhibit possible vulnerabilities, and try your best to avoid deploying network video surveillance equipment on the Internet. Instead, you can deploy on a private network or connect through a VPN. When you transfer data to the cloud, you have to use safe network connections, not store sensitive data like account numbers and passwords on the phone or other control equipment, for fear of risk by malicious intrusions on phone. You should also download the latest patches and firmware timely. When choosing a brand, it is best to choose well-known brands because they always do well in product tests.
Installers- bridging the gap between end users and manufacturers
In the construction of projects, installer plays an important role of a bridge and link between end users and manufacturer. They need to master all the defensive measures in cyber security, and educate end user about the importance of cyber security. In this way, end users will be aware of the importance of safety. It suggests that engineers offer regular testing services, such as perfect the system, check system log, complete firmware update, check cyber security risks, and update the status of firewall. Whether users can isolate video equipment from other network equipment, especially WiFi accessible network (VLAN or separate network switch using different network segment), disabling UPnP and common mistakes of end user & mitigation. This is not only responsible behaviour towards end users with the quality of service improved, but will also lead to greater profits. Some of the monitoring devices can change their settings through the command access port and data access port, since engineers operate some cipher modifications. It demands strict control for verifying the identification of installers, to avoid users’ privacy being disclosed. Meanwhile, if engineers have been using passwords such as 66666666 or 888888 during installation, it is quite easy to be invaded. This not only means to network monitoring, but also for other security devices, thus it’s necessary to complete the secondary encryption.
Training and management for cyber devices
Due to specialty of security equipment application, once equipment attacked by hacker, it could cause damage to individual privacy, social information, and even national production safety. In order to promote global network monitoring, Dahua Technology has put a lot of efforts into establishing a leading cyber-security structure and system. Considering a lot about cyber security in product development, for the end users, Dahua will teach customers to keep good habit of using cyber devices, especially managing well and resetting password regularly, and caring about the cyber environment safety. For installers, Dahua not only creates a market in the service programs which installers provide regular maintenance check, raises their awareness of end users’ products safety, but also train installers how to avoid the DDoS attack. Dahua is considering setting up a standard testing scheme for network monitoring devices, and add QA processes. There is no doubt all of these intentions demand Dahua invest more on research and development, train professional contingents, and implement strict management and control.
Regardless of national policies or industry development, network security is here for the long-term schedule |
Security audits and verifications
Some small-scale enterprises may realise it is a significant impact, and fail to continue technology iteration and development. Manufacturers should incorporate various network security elements into the R&D process, apply protection technology to product functionality starting from the initial R&D, and guarantee the quality of development to a high standard, then eliminate any known security weaknesses. Based on security audits, this ensures the safety of final issued products. For instance, Dahua uses security-testing tools to analyse the network protocol safety, toughness and reliability of all products, and discover the vulnerability. At the same time, Dahua uses validators to guarantee all its products verified by professional team of cyber security before issued. Besides, Dahua communicates and exchanges ideas frequently with users and engineers to get feedback from the market. Facing with IoT and big data, Dahua has boundary-crossing cooperation with IT industry, to promote the security testing methods, testing tools and safety standards of related security products together.
Furthermore, manufacturers also need to communicate extensively with users and engineers to collect market feedback. Faced with the IoT and big data, the network monitoring devices manufacturers start cross-border cooperation with IT industry. With these new opportunities, enterprises will create greater value.
Spreading public awareness
Compared to the IT and telecommunication industry, public awareness of network security seems to be far behind. Regardless of national policies or industry development, network security is here for the long-term schedule. However, Dahua has grasped the opportunity to create much more value.
Attacked by DDoS and safety problems that exist in video surveillance based on IoT system, have been attracted the attention to the cyber security. However, cyber security needs a joint effort from all levels, involving how to establish a global new network security ecosystem becomes the breakthrough in ecological chain. Dahua Technology, with its value proposition of “Innovation, Quality and Services”, has presented unprecedented importance to cyber security. Moreover, Dahua Technology is making a full of efforts to provide innovative and reliable security technology to establish a global new network security ecosystem, realising the mission of “Safer Society, Smarter Living”.